Converting Binary SID to String SID

by Oct 21, 2013

Active Directory accounts store the SID in binary form, as a byte array in the objectSid attribute. To convert that byte array into its string representation, use the .NET SecurityIdentifier class like this:

# get current user
$searcher = [ADSISearcher]"(&(objectClass=User)(objectCategory=person)(sAMAccountName=$env:username))"
$user = $searcher.FindOne().GetDirectoryEntry() 

# get binary SID from AD account
$binarySID = $user.ObjectSid.Value

# convert to string SID
$stringSID = (New-Object System.Security.Principal.SecurityIdentifier($binarySID,0)).Value


In this example, an ADSI searcher retrieves the current user's account (this works only when the current user is logged on to a domain). The account's binary SID is then converted to a string SID.
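
To see what that conversion does with the byte array, here is an added example (not part of the original tip) that decodes the binary SID layout by hand and compares the result with the .NET class. The function name ConvertTo-StringSid and the sample bytes are assumptions made up for this illustration; it runs without a domain.

```powershell
# Added example: ConvertTo-StringSid is a hypothetical helper, not a built-in cmdlet.
function ConvertTo-StringSid {
    param([Parameter(Mandatory)][byte[]]$Bytes)

    # Layout: revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes, big-endian), then count x 4 bytes (little-endian).
    if ($Bytes.Length -lt 8) { throw "SID too short: $($Bytes.Length) bytes" }
    $revision = $Bytes[0]
    $count    = $Bytes[1]
    if ($revision -ne 1 -or $count -gt 15) {
        throw "Unsupported revision $revision or sub-authority count $count"
    }
    if ($Bytes.Length -ne 8 + 4 * $count) {
        throw "Length $($Bytes.Length) does not match $count sub-authorities"
    }

    # Identifier authority: six bytes, most significant first
    [uint64]$authority = 0
    foreach ($b in $Bytes[2..7]) { $authority = $authority * 256 + $b }

    $parts = @('S', $revision, $authority)
    for ($i = 0; $i -lt $count; $i++) {
        # BitConverter reads little-endian on the platforms Windows PowerShell runs on
        $parts += [BitConverter]::ToUInt32($Bytes, 8 + 4 * $i)
    }
    $parts -join '-'
}

# Constructed sample (not from a real directory): S-1-5-21-1-2-3-1001
[byte[]]$sample = 0x01,0x05, 0,0,0,0,0,0x05, 0x15,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0, 0xE9,0x03,0,0

$manual = ConvertTo-StringSid $sample
$dotNet = (New-Object System.Security.Principal.SecurityIdentifier($sample, 0)).Value
"manual : $manual"
"dotnet : $dotNet"
"match  : $($manual -eq $dotNet)"

# A truncated value (for example, cut off in an export) is rejected instead of mis-parsed
try { ConvertTo-StringSid ([byte[]]($sample[0..25])) } catch { "rejected: $($_.Exception.Message)" }
```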
